September 9-11, 2013, Anaheim, California. Getting Started with Multitenancy: SAP BI 4.1. Christina Obry, SAP
Learning Points
- Learn how to successfully implement the SAP BusinessObjects BI platform in a multitenant environment
- Learn about the different multitenant deployment models and the key considerations for data security and content organization
- Discover how the Tenant Provisioning Tool streamlines the onboarding of a new tenant, reducing error-prone manual operations
Agenda
- Multitenancy Best Practices for SAP BusinessObjects BI Platform
- Multitenancy in and BI 4.1
  - Delegated Administration (BI 4.0 SP4)
  - Custom User Attributes (BI 4.0 SP4)
  - Tenant Provisioning Tool (BI 4.0 SP4)
  - Tenant definition in CMC (BI 4.1)
  - Limitation on concurrent logons per tenant (BI 4.1)
  - Tenant ID in auditing record (BI 4.1)
Multitenancy Best Practices for SAP BusinessObjects BI Platform
Deployment options (diagram): stacks of Application (BOE), optionally on a Virtualization layer, running on Hardware, arranged as single-tenant and multi-tenant deployments.
Multi-tenancy best practice (diagram): the practice areas Data Storage and Schema, Security, Tenant management, Operation and Customization, applied to the Application (BOE) and Hardware stack.
Data storage and schema
The BI Platform enables different deployment models, exemplified here in three common models; a mixed model or variations are possible. Each model is drawn as the layers tenant, BI content, universe and database.
- Separate database with distinct semantic layer: strong data separation, simpler database design, more flexibility
- Separate database with shared semantic layer: strong data separation, lower maintenance of the semantic layer and BI content
- Shared database and semantic layer: maximized resource sharing, lower maintenance of the semantic layer and BI content
BI platform capabilities for multi-tenant data access
- Table switching by universe restriction
- Connection switching by universe restriction
- Universe restriction for row access
- User identity pass-through for database server side filtering
- Dynamic query via a universe variable on a custom attribute, e.g. where CompanyCode = @Variable( SI_CompanyCode )
BI platform application security
- Tenants encapsulated in user groups and partitioned by BI platform folders
- Authorization controlled by Access Control Lists (ACL)
- User accounts typically managed by the containing business application
  - Accounts created via the BI platform SDK
  - Single sign-on by establishing trust between the application and the BI platform
Tenant management
- Standard tenant structure to lower administration cost
- Tenant Provisioning Tool to automate the tenant on-boarding process
- Tenant definition in the CMC (SAP BI 4.1)
- Activities of tenant users logged in the auditing database (SAP BI 4.1)
- Some administration tasks can be passed back to the tenant (a subset of Central Management Console functionality)
Operation
- Hot back-up of the BI repository while the system is running
- Lifecycle management tool for selective archiving or restoration of a tenant's BI content
- System monitoring to ensure system health and to take proactive action
  - Customer-defined conditions and alerting
  - Custom probes to check specific BI content or operations; these can be tenant specific
Customization
- Common database schema with extension: additional generic database fields
- Universe restriction for hiding objects from other tenants
- Quick access to tenant-specific BI content: tenant-specific BI launch pad home page
- Application UI customization: BI launch pad style customizable (system wide at the moment)
Multitenancy in and BI 4.1
Custom User Attributes (1/3)
- Capability to define attributes in the CMC that are attached to each individual user
- These attributes can be filled manually in the CMC (Enterprise)
- These attributes can be filled from an LDAP or SAP data source
  - The CMS must have been configured to authenticate with this data source
  - Define the attribute from the LDAP / SAP data source to provide the actual values
Custom User Attributes (2/3)
- New page in the CMC to list and administer Custom User Attributes
- The value of each Custom User Attribute for a user is displayed in the CMC, in the user properties dialog
  - The administrator can explicitly enter the value for Custom User Attributes defined in the CMS repository
  - Values retrieved from the LDAP and SAP data sources are displayed
Custom User Attributes (3/3)
- Attributes exposed in the Semantic Layer
  - Available using @VARIABLE with the internal name (prefixed with SI_), e.g. @VARIABLE ( SI_TENANT ), @VARIABLE ( SI_COUNTRY )
- Can be used in any MDX/SQL editor, in a Business Layer filter, and in Data Security Profiles and Business Security Profiles for security filtering
- Substituted at query time
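Added example (not from the slides or the SAP product) of how a row restriction built on a custom user attribute, such as the CompanyCode = @Variable( SI_CompanyCode ) clause shown earlier, is resolved at query time against a shared table. The invoice rows, the SI_* attribute values per user and the sqlite3 stand-in for the tenant database are constructed for the example; the attribute value is passed as a bound parameter rather than spliced into the SQL text.

```python
import re
import sqlite3

# Constructed rows in a shared table (shared database and semantic layer model).
SAMPLE_ROWS = [("A", "INV-1001", 250.0), ("A", "INV-1002", 80.0), ("B", "INV-2001", 999.0)]

# Constructed SI_* custom user attribute values per logged-on user; on the real
# platform the CMS supplies these from the CMC, LDAP or an SAP data source.
USER_ATTRIBUTES = {
    "alice": {"SI_CompanyCode": "A", "SI_COUNTRY": "US"},
    "bob": {"SI_CompanyCode": "B", "SI_COUNTRY": "DE"},
    "guest": {"SI_COUNTRY": "FR"},  # no company code assigned
}

# Row restriction as written on the slide; the token is resolved per query.
ROW_RESTRICTION = "CompanyCode = @Variable( SI_CompanyCode )"

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Invoices (CompanyCode TEXT, InvoiceNo TEXT, Amount REAL)")
    conn.executemany("INSERT INTO Invoices VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def resolve_variables(restriction, attributes):
    """Replace each @Variable(SI_xxx) token with a '?' placeholder and return the
    clause plus the parameter values in order; KeyError if an attribute is unset."""
    params = []
    def substitute(match):
        params.append(attributes[match.group(1)])  # KeyError when unset
        return "?"
    clause = re.sub(r"@Variable\s*\(\s*(SI_\w+)\s*\)", substitute, restriction,
                    flags=re.IGNORECASE)
    return clause, params

def invoices_for(conn, user):
    """Rows the user may see; fails closed (no rows) when the filter cannot be resolved."""
    try:
        clause, params = resolve_variables(ROW_RESTRICTION, USER_ATTRIBUTES[user])
    except KeyError:
        return []
    sql = f"SELECT InvoiceNo, Amount FROM Invoices WHERE {clause} ORDER BY InvoiceNo"
    return conn.execute(sql, params).fetchall()

if __name__ == "__main__":
    db = build_db()
    for name in USER_ATTRIBUTES:
        print(name, invoices_for(db, name))
```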
CMC Tab Access
The CMC application has a large number of tabs. For example, the CMC has a Folders tab for document management, a Users and Groups tab for user management, a Servers tab for server management, etc. In the previous version of BOE, delegated administrators had access to all available CMC tabs. In, a system administrator now has the capability to hide any CMC tab that a delegated administrator is not expected to use. For example, a delegated administrator in charge of content management may have access to the Folders and Users and Groups tabs, while all other tabs are hidden.
Security Rights and CMC Tab Access
Management of CMC tab access affects only the visual appearance of the CMC user interface. Hiding CMC tabs is not a security measure: it does not set or modify security rights on the objects within those tabs. To ensure that users cannot perform unauthorized operations on objects they should not reach (for example, managing servers through the Central Configuration Manager or through third-party software built on the BI platform SDK), you must set appropriate security rights on the objects themselves (for example, on server objects). Always set proper security rights on the objects inside a CMC tab in addition to configuring CMC tab access. The Administrator user always has access to all CMC tabs.
Enable Restricting CMC Tab Access (screenshot)
Managing CMC Tab Access (screenshots)
Delegated Administrators User Groups
To simplify CMC tab management you can create a set of delegated administrator user groups. You can grant CMC tab access by making an existing user or user group a member of a delegated administrator user group, without configuring CMC tab access individually. The following user groups may be created; the set can be modified for specific business needs.
- System Administrators: grant access to all tabs.
- User Administrators: grant access to Access Levels, Folders, Inboxes, Personal Folders, Personal Categories, Query Results, Sessions, and Users and Groups. Set all other tabs to Inherited.
- Content Administrators: grant access to Calendars, Categories, Events, Folders, Instance Manager, Personal Categories, Personal Folders, Profiles, Query Results, and Universes. Set all other tabs to Inherited.
- Server Administrators: grant access to Servers and Applications. Set all other tabs to Inherited.
Membership in multiple groups results in the addition of rights, provided the rights are set to Inherited.
Tenant Provisioning Tool - Tenant Onboarding Process
- Tenants in a multi-tenant system have structural similarity. Tenant templates serve as a model to manage tenants in a well-defined and repeatable manner.
- Create an exemplar tenant in the system (done once for all tenants) using standard tools such as the CMC and Universe designer.
- Run the command line tool to add a new tenant.
Tenant Provisioning Tool - Automatable Operations
Operations automated by the tenant provisioning tool:
- Creating user groups
- Creating folders
- Setting the ACL (Access Control List) on folders
- Copying documents and universes from the template folder to the individual tenant folder
- Adding universe restrictions (UNV only)
- Creating connections
- Materializing tenant objects from the template
Tenant Provisioning Tool - Tenant Template Definition File
The tenant template definition file describes the location of the tenant template and specifies run-time options. Extract (not the complete file):

    tenantname=companyabc
    templatetoken=$tenanttemplate$
    templatecontentfolder=$TenantTemplate$_;
    templateuniversefolder=$TenantTemplate$
    templateconnectionfolder=$TenantTemplate$
    templatecategoryfolder=$TenantTemplate$
    templateeventfolder=/custom Events/ $TenantTemplate$;
    optionincludeuniverses=false
    optionincludeconnections=false
    optionincludecategories=true
    optionincludeevents=true
    optionincludeaccesslevels=true
    optionuseshareduniverses=false
Tenant Provisioning Tool - Provisioning
After a tenant is created, the standard content (documents, universes, connections) can still change:
- New stock BI documents made available to tenants
- Changes to stock BI documents
- Changes to the stock universe
The tool does not handle the situation where content copied to the tenant is modified both by the tenant itself and by the central provider. In that case the tool does not attempt to merge the changes from the two paths.
Tenant Provisioning Tool - Tenant Template (screenshot: Template Folders, User Group templates, Template Documents)
Tenant Provisioning Tool - Run time (screenshot: Tenant_template_def.properties)
You run the tenant provisioning tool from the Command Prompt. When done, it shows you what it created.
Your Access Levels content before running the tenant provisioning tool, and your Access Levels content after running it (screenshots).
Tenant-specific content (screenshot).
Tenant Provisioning Tool - Supported Document Scenarios (SAP BI 4.1)
- Direct to data: CR, CR4Ent
- Shared database and semantic layer:
  - CR4Ent connected to single-source unx, pquery and BICS
  - WebI connected to unv, including universe restriction overload
  - WebI connected to single-source unx, BICS (as of 4.1)
- Separate database with distinct semantic layer:
  - CR4Ent connected to single-source unx
  - WebI connected to unv and single-source unx (as of 4.1)
- Separate database with shared semantic layer:
  - WebI connected to unv using universe connection overload
Tenant definition in CMC (1/4) (SAP BI 4.1)
Tenants that were onboarded via the tenant onboarding command line tool are now visible in a new Multitenancy tab in the CMC.
Tenant definition in CMC (2/4) (SAP BI 4.1)
Ability to change tenant properties such as the tenant name, concurrent user limit and associated user groups.
Tenant definition in CMC (3/4) (SAP BI 4.1)
Ability to see which user or user group belongs to which tenant; the new Tenant column is filterable.
Tenant definition in CMC (4/4) (SAP BI 4.1)
Ability to delete a tenant and all its associated InfoObjects, with the option to exclude certain InfoObjects.
Limitation on concurrent logons per tenant (1/2) (SAP BI 4.1)
Ensure service availability by limiting the number of concurrent users that a tenant can have logged on at a given time. Once the tenant's limit has been reached, no further users of that tenant can log on until one of the tenant's users has logged out.
Limitation on concurrent logons per tenant (2/2) (SAP BI 4.1)
Ability to set the concurrent user limit at tenant onboarding time, in the tenant definition file or via the CMC UI:

    # (Mandatory) Name of the tenant being added.
    tenantname=xyz
    # (Mandatory) Template token identifier used for tenant name replacing
    templatetoken=$tenant_template$
    # (Optional) Number of concurrent users allowed for the tenant being
    # added. Defaults to -1 meaning unlimited in which
    # case the number of concurrent users for this tenant will only be
    # limited by what the BOE license key allows
    # for the entire system. When not specified, this option will be set to
    # default during the tenant's first on-board,
    # or unchanged during tenant's provisioning.
    # - Tenant specific info
    tenantconcurrentuserlimit=100
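Added example (not code from the slides or from the BI platform) that parses a tenant definition extract in the format above and models the 4.1 logon rule: a tenant's logons are refused once its tenantconcurrentuserlimit is reached, -1 means unlimited, and a system-wide cap stands in for the license key limit. The tenant definition text, the limit of 2 and the SessionGate class are constructed for this example.

```python
# Constructed extract in the tenant definition format; limit 2 instead of 100 for brevity.
TENANT_DEF = """
# (Mandatory) Name of the tenant being added.
tenantname=xyz
# (Mandatory) Template token identifier used for tenant name replacing
templatetoken=$tenant_template$
# (Optional) Number of concurrent users; -1 (the default) means unlimited
tenantconcurrentuserlimit=2
"""

def parse_tenant_def(text):
    """Parse key=value lines ('#' lines are comments); enforce the mandatory
    keys and apply the documented default of -1 for the user limit."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    for required in ("tenantname", "templatetoken"):
        if required not in props:
            raise ValueError(f"missing mandatory key {required}")
    props["tenantconcurrentuserlimit"] = int(props.get("tenantconcurrentuserlimit", "-1"))
    return props

class SessionGate:
    """Admission control modelled on the slide: refuse a tenant's logon once its
    limit is reached, until one of its users logs off; system_limit = license cap."""
    def __init__(self, system_limit):
        self.system_limit = system_limit
        self.limits = {}    # tenant name -> limit, -1 = unlimited
        self.sessions = {}  # tenant name -> set of logged-on user names

    def add_tenant(self, props):
        self.limits[props["tenantname"]] = props["tenantconcurrentuserlimit"]
        self.sessions.setdefault(props["tenantname"], set())

    def logon(self, tenant, user):
        active = self.sessions[tenant]
        if self.limits[tenant] != -1 and len(active) >= self.limits[tenant]:
            return False                      # tenant limit reached
        if sum(len(s) for s in self.sessions.values()) >= self.system_limit:
            return False                      # license-wide limit reached
        active.add(user)
        return True

    def logoff(self, tenant, user):
        self.sessions[tenant].discard(user)
```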
Tenant ID in auditing record (SAP BI 4.1)
- Ability to track system usage by tenant using the auditing functionality
- Applications can include tenant billing that depends on resource utilization. For example, the following metrics can be used for billing: number of logons by a tenant, number of report views or refreshes, etc.
- Enable and configure the auditing events that you are interested in
- To determine which auditing event was generated by which tenant, use two new lookup tables in the auditing database: ADS_TENANT and ADS_USER
New Tables (SAP BI 4.1)

ADS_TENANT table:
    Cluster_ID      Tenant_ID      Tenant_Name
    AWNaY20WHpGok   DNah47WHhsKZ   Company A

ADS_USER table:
    Cluster_ID      Tenant_ID      User_ID         User_Name
    AWNaY20WHpGok   DNah47WHhsKZ   SBUn83SZOw_91   John McGreg

Joins should be performed between:
- ADS_TENANT.Tenant_ID and ADS_USER.Tenant_ID
- ADS_USER.User_ID and ADS_EVENT.User_ID
- ADS_TENANT.Cluster_ID and ADS_CLUSTER.Cluster_ID
- ADS_USER.Cluster_ID and ADS_CLUSTER.Cluster_ID
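Added example (not from the slides or the SAP auditing schema) that builds the four tables in an in-memory sqlite3 database, joins them exactly as listed above, and counts the per-tenant logon and view events the billing slide suggests. The Company A identifiers are the slide's sample values; the Company B identifiers, the ADS_EVENT and ADS_CLUSTER columns used here (Event_Type_ID, Cluster_Name) and the event type codes are assumptions for this example.

```python
import sqlite3

# Constructed rows. Company A's cluster, tenant and user IDs come from the slide's
# sample tables; Company B's IDs, the ADS_EVENT/ADS_CLUSTER columns and the
# event type codes are assumptions made for this example.
CLUSTER_ROWS = [("AWNaY20WHpGok", "cluster-1")]
TENANT_ROWS = [("AWNaY20WHpGok", "DNah47WHhsKZ", "Company A"),
               ("AWNaY20WHpGok", "TENANT_B_ID", "Company B")]
USER_ROWS = [("AWNaY20WHpGok", "DNah47WHhsKZ", "SBUn83SZOw_91", "John McGreg"),
             ("AWNaY20WHpGok", "TENANT_B_ID", "USER_B1_ID", "Jane Doe")]
LOGON, VIEW = 1001, 1002  # constructed Event_Type_ID values
EVENT_ROWS = [("AWNaY20WHpGok", "SBUn83SZOw_91", LOGON),
              ("AWNaY20WHpGok", "SBUn83SZOw_91", VIEW),
              ("AWNaY20WHpGok", "SBUn83SZOw_91", VIEW),
              ("AWNaY20WHpGok", "USER_B1_ID", LOGON)]

def build_audit_db():
    """In-memory stand-in for the auditing database with the four tables joined below."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ADS_CLUSTER (Cluster_ID TEXT, Cluster_Name TEXT);
        CREATE TABLE ADS_TENANT (Cluster_ID TEXT, Tenant_ID TEXT, Tenant_Name TEXT);
        CREATE TABLE ADS_USER (Cluster_ID TEXT, Tenant_ID TEXT, User_ID TEXT, User_Name TEXT);
        CREATE TABLE ADS_EVENT (Cluster_ID TEXT, User_ID TEXT, Event_Type_ID INTEGER);
    """)
    conn.executemany("INSERT INTO ADS_CLUSTER VALUES (?,?)", CLUSTER_ROWS)
    conn.executemany("INSERT INTO ADS_TENANT VALUES (?,?,?)", TENANT_ROWS)
    conn.executemany("INSERT INTO ADS_USER VALUES (?,?,?,?)", USER_ROWS)
    conn.executemany("INSERT INTO ADS_EVENT VALUES (?,?,?)", EVENT_ROWS)
    return conn

# Joins as listed on the slide; joining on Cluster_ID as well as the tenant and
# user IDs keeps tenants apart when several clusters audit into one database.
USAGE_SQL = """
SELECT t.Tenant_Name,
       SUM(CASE WHEN e.Event_Type_ID = ? THEN 1 ELSE 0 END) AS logons,
       SUM(CASE WHEN e.Event_Type_ID = ? THEN 1 ELSE 0 END) AS views
FROM ADS_TENANT t
JOIN ADS_CLUSTER c ON c.Cluster_ID = t.Cluster_ID
JOIN ADS_USER u ON u.Tenant_ID = t.Tenant_ID AND u.Cluster_ID = c.Cluster_ID
JOIN ADS_EVENT e ON e.User_ID = u.User_ID AND e.Cluster_ID = u.Cluster_ID
GROUP BY t.Tenant_Name
ORDER BY t.Tenant_Name
"""

def usage_by_tenant(conn):
    """(Tenant_Name, logons, views) per tenant: the billing metrics the slide names."""
    return conn.execute(USAGE_SQL, (LOGON, VIEW)).fetchall()
```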
More Information
- Business Intelligence Platform Multitenancy Guide
- Enabling SaaS Solutions with Multitenant BI Best Practices (based on BI 3.1)
- Best Practices for BI 4.x Shared Service Deployments
- Overview of SAP BI 4.x Multitenancy Management Tool
- Delegated administration in
- User Attribute Mapping in BI4 - in depth
Questions?
Thank you for participating. Please provide feedback on this session by completing a short survey via the event mobile application. SESSION CODE: 0315 Learn more year-round at www.asug.com